Re: [Samba] Problem with netlogon\logon.bat not mapping all drives

2007-08-27 Thread Helmut Hullen
Hello, Jai,

You (jai.lamerton) wrote on 28.08.07:

> My logon.bat file:
>
> @echo off
> NET TIME %LOGONSERVER% /SET /YES
> NET USE * /DEL /YES
> NET USE H: %LOGONSERVER%\%USERNAME%
> NET USE I: %LOGONSERVER%\drivers
> NET USE P: %LOGONSERVER%\public
> NET USE S: %LOGONSERVER%\software

> The only drive that sometimes gets mapped at login is S: the last one
> in the list.

What changes if you don't delete existing shares?
Perhaps you should add "/persistent:no" after mounting the shares - it's
not the problem you described.

Best regards!
Helmut
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


[Samba] Problem with netlogon\logon.bat not mapping all drives

2007-08-27 Thread Jai Lamerton
Hi all,

I was wondering if anyone could help me, I have searched for some reason but
cannot find any.

After migrating from a previous samba-3.0.10 (I think) PDC server to a newer
samba-3.0.23c server on Centos5, I have the strange problem that my XP
clients no longer map all the drives listed in the logon.bat during logon,
however if I run logon.bat manually after I'm logged in, all drives are
mapped fine.

My logon.bat file:

@echo off
NET TIME %LOGONSERVER% /SET /YES
NET USE * /DEL /YES
NET USE H: %LOGONSERVER%\%USERNAME%
NET USE I: %LOGONSERVER%\drivers
NET USE P: %LOGONSERVER%\public
NET USE S: %LOGONSERVER%\software

The only drive that sometimes gets mapped at login is S: the last one in the
list.

My suspicion is that samba is not responding with the shares fast enough.
However adding a 15 second delay to the top of logon.bat does not seem to do
the trick.

Regards,

Jai



RE: [Samba] Samba 3.0.25c Going Nuts on our Network???

2007-08-27 Thread David Rankin
-----Original Message-----
From: Volker Lendecke [mailto:[EMAIL PROTECTED] 
Sent: Monday, August 27, 2007 2:44 PM
To: David C. Rankin
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: [Samba] Samba 3.0.25c Going Nuts on our Network???

On Mon, Aug 27, 2007 at 08:18:57AM -0500, David C. Rankin wrote:
> I installed 3.0.25c on SuSE 10 this weekend and I discovered 
> another race condition. I have captured both tcpdumps and level 10 
> logs. The files are large, but you can get them from 
> www.3111skyline.com/~david The files and sizes are:

These are different. The traces you sent in last time had trans2notifies,
this time it's a client going mad with asking for print queue status over
and over again. Not sure what triggered this, but I would be very surprised
if this was triggered with a .25b to .25c upgrade.

> The race condition here seems related to my print to pdf script, 
> but I have never had any problems with it until 3.0.25b. When the 
> 3.0.25c race occurs, it is *huge* thousands and thousands of packets. 
> I hope you guys can find the culprit. If you need any additional
> information, please do not hesitate to contact me and I'll send you
> what you need.

I don't think this is a race condition in the real computer science sense of
that word. I can't see anything unusual in those logs.

What kind of client is that? It's using the "old" LANMAN style printer
calls. Did you set "disable spoolss = yes"?

And, can you get us a debug level 10 log of the trans2findfirst/changenotify
loop?

Volker

___--

Volker, Jeremy:

I'll keep monitoring the 3.0.25c install here at work and try to get
a level 10 of the trans2findfirst/changenotify loop issue. I was out of the
office most of the day today (yesterday now). I'm sure I'll catch it in the
next day or so!

I was pretty sure the 3111skyline problem wasn't the same, but I
didn't understand what it was doing so I thought I would pass it along.
Thanks guys and I'll catch the right bug next time!


David C. Rankin, J.D., P.E.
Rankin Law Firm, PLLC
510 Ochiltree Street
Nacogdoches, Texas 75961
(936) 715-9333
(936) 715-9339 fax
www.rankinlawfirm.com 





[Samba] admin users security implications

2007-08-27 Thread David Disseldorp
Hi,

MMC shares permission configuration is required by an AD administrator.

I would like to add the admin users parameter to the Samba 3.0.24 server
to provide this functionality, however I have some security concerns:

Would it be possible for a connected user to fake the SID of an Administrator,
and hence gain root access to the share?

Does adding the admin users entry in the [globals] section differ in any way
from manually adding it under each share?

Cheers, Dave

[global]
workgroup = ADDOMAIN
printcap name = /dev/null
cups options = raw
map to guest = Bad User
include = /etc/samba/dhcp.conf
logon path = \\%L\profiles\.msprofile
logon home = \\%L\%U\.9xprofile
logon drive = P:
usershare allow guests = true
idmap uid = 1-2
idmap gid = 1-2
use sendfile = true
max xmit = 65535
strict locking = false
strict sync = true
add user script = /usr/sbin/useradd -s /bin/false %u
delete user script = /usr/sbin/userdel %u
server string =
realm = ADDOMAIN.HERE.COM
security = ADS
winbind separator = +
winbind enum groups = true
winbind enum users = true
wins server = 192.168.4.77
client schannel = no
admin users = ADDOMAIN+administrator
[homes]
comment = Home Directories
valid users = %S, %D%w%S
browseable = false
read only = false
inherit acls = true
[scratch]
path = /mnt/scratch
comment = scratch
writeable = true
guest ok = true
sync always = false
follow symlinks = true
wide links = true
...


[Samba] Samba Logon Time and Logoff Time...

2007-08-27 Thread Matt Anderson
Dear Help,

I am currently running Samba as a PDC (and several BDCs).  I noticed that 
there are sambaLogonTime and sambaLogoffTime LDAP attributes that are 
currently unused integer values.

I would like to be able to track each user's successful logins (in terms of a
timestamp -- a hostname would be a bonus) for auditing purposes (especially for
determining inactive logins).  Currently, I've put together a script that
searches through all of the log files for successful authentications and parses
out the timestamp and hostname and then figures out if it's the most recent 
or not.

Is there an easier way of doing this? (Or, does anyone know of any plans to
start using sambaLogonTime and sambaLogoffTime for this purpose?)

Thanks!

-Matt



[Samba] Need a windows binary for smblookup

2007-08-27 Thread Paul Schofield
I don't see nmblookup any more. I used to use this tool quite often.  Is it
still available for windows?


Re: [Samba] Re: SID

2007-08-27 Thread John H Terpstra
On Monday 27 August 2007 17:49, Edmundo Valle Neto wrote:
> Dragan Krnic wrote:
> >> What I ended up doing was to use an LDAP browser
> >> and edit the domain accounts for each machine to
> >> have the same SID.
> >
> > we're not using LDAP but we can manipulate the trivial
> > data base file "secrets.tdb" to set the local SID to
> > any sensible SID.
> >
> > Is it OK to set the local SID to the same value as
> > the domain SID?
> >
> > In our network the PDC server has the same local SID
> > as the domain SID. All other member servers register
> > the same domain SID for the domain and a totally
> > different local SID for themselves in "secrets.tdb".
> >
> > This works quite well, except that sometimes there
> > is an entry in samba logs that a domain-qualified
> > user SID with correct RID for an existing user with
> > the same UID=(RID-1000)/2 and same GIDs on all member
> > servers can't be mapped to his name, e.g.
> >
> >   [2007/08/21 20:48:26, 0]
> > smbd/posix_acls.c:create_canon_ace_lists(1421)
> > create_canon_ace_lists: unable to map SID
> > S-1-5-21-3574958883-2392404172-2943802112-2590 to uid or gid.
> >
> > whereby RID=2590 translates to UID=795, a well-known
> > user in our domain S-1-5-21-3574958883-2392404172-2943802112.
> >
> > Is it OK to set the local SID to the same value as
> > the domain SID, as the quoted posting seems to imply?
>
> http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html#id365521
>
> "... there is now a safe copy of the local machine SID. On a PDC/BDC
> this is the domain SID also."
>
> So, as the documentation says, yes, on a PDC/BDC the machine SID IS
> equal to the domain SID.

The local SID is the machine SID.

Let it be ultimately clear - only a PDC and BDC may have the samba SID. On a 
PDC and BDC the Domain SID is the same as the machine SID.

Domain member server may NOT have the same SID as the domain SID. The machine 
SID should be unique. It is the domain membership account that makes possible 
its participation within the domain. In every respect a domain member server 
is just like a domain member workstation, except that it will usually have 
more disk storage capacity.

Additionally, there is usually no need for anyone to hand-craft a domain or 
server SID - Samba will autogenerate the SID.

When setting up a BDC it is necessary to synchronize the Domain SID from the 
PDC.  This is done by executing:

net rpc getsid -S PDC

The next step is to join the domain (something that should be done for the 
PDC, the BDC, and on all domain members) by executing:

net rpc join

I hope that answers the questions raised.

- John T.


Re: [Samba] Re: SID

2007-08-27 Thread Edmundo Valle Neto

Dragan Krnic wrote:

> > What I ended up doing was to use an LDAP browser
> > and edit the domain accounts for each machine to
> > have the same SID.
>
> we're not using LDAP but we can manipulate the trivial
> data base file "secrets.tdb" to set the local SID to
> any sensible SID.
>
> Is it OK to set the local SID to the same value as
> the domain SID?
>
> In our network the PDC server has the same local SID
> as the domain SID. All other member servers register
> the same domain SID for the domain and a totally
> different local SID for themselves in "secrets.tdb".
>
> This works quite well, except that sometimes there
> is an entry in samba logs that a domain-qualified
> user SID with correct RID for an existing user with
> the same UID=(RID-1000)/2 and same GIDs on all member
> servers can't be mapped to his name, e.g.
>
>   [2007/08/21 20:48:26, 0]
> smbd/posix_acls.c:create_canon_ace_lists(1421)
> create_canon_ace_lists: unable to map SID
> S-1-5-21-3574958883-2392404172-2943802112-2590 to uid or gid.
>
> whereby RID=2590 translates to UID=795, a well-known
> user in our domain S-1-5-21-3574958883-2392404172-2943802112.
>
> Is it OK to set the local SID to the same value as
> the domain SID, as the quoted posting seems to imply?


http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetCommand.html#id365521

"... there is now a safe copy of the local machine SID. On a PDC/BDC 
this is the domain SID also."


So, as the documentation says, yes, on a PDC/BDC the machine SID IS 
equal to the domain SID.



Regards.

Edmundo Valle Neto


Re: [Samba] Lots of "Failed to create" error messages after upgrading to 2.0.25c

2007-08-27 Thread Gerald (Jerry) Carter

Eric Evans wrote:
> Hello,
> 
> I recently upgraded from Samba 3.0.22 to 3.0.25c on Solaris, and after doing
> so I noticed a sudden proliferation of new error messages in the Samba log,
> such as:
> 
> [2007/08/27 15:36:03, 2] smbd/sesssetup.c:setup_new_vc_session(1200)
>   setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
> old resources.
> [2007/08/27 15:36:03, 0] auth/auth_util.c:create_builtin_administrators(792)
>   create_builtin_administrators: Failed to create Administrators
...
> Can anyone tell me what is going on here, and how it can be fixed?

What log level are you using?  These should happen around level 2 IIRC.
The first one is just for information and the second is normal if you
are not running winbindd.



cheers, jerry


Re: [Samba] Subnet not visible in Network Neighbourhood

2007-08-27 Thread Edmundo Valle Neto

Alessandro FAGLIA wrote:

> Hi list!
>
> I've got a debian "etch" box running samba 3.0.24.
> The server is a firewall (running Shorewall 3.2.6) with five NICs:
> eth0 -> DSL (it has a public IP address and it allows all the people
> browse by masquerading other interfaces)
>
> eth1 and eth3 -> bond0 (IP address is 192.168.1.1/24)
> eth2 and eth4 -> bond1 (IP address is 192.168.2.1/24)
> BTW, bond+ refers to an interface which enslaves two physical NICs.
>
> Samba is acting as WINS server, and I don't have other Windows Servers
> which act as PDCs or WINS servers.
>
> There is no PDC in the network.
>
> The smb.conf is the following (only [global] section is reported):
>
> [global]
> workgroup = WORK
> server string = server Etch
> interfaces = 192.168.1.0/24, 192.168.2.0/24, 10.1.0.0/24,
> 127.0.0.1/8
>
> bind interfaces only = Yes
> obey pam restrictions = Yes
> passdb backend = tdbsam
> passwd program = /usr/bin/passwd %u
> passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
> *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
>
> syslog = 0
> log file = /var/log/samba/log.%m
> max log size = 1000
> dns proxy = No
> wins support = Yes
> ldap ssl = no
> panic action = /usr/share/samba/panic-action %d
> invalid users = root
> hosts allow = 192.168.1., 192.168.2., 10.1., 127.
>
> 10.1.0.0/24 is a subnet for OpenVPN roadwarriors.
>
> The problem is that from my laptop (belonging to 192.168.1.0/24
> subnet), running Windows XP Pro SP2, in the Network Neighbourhood I
> can only see machines belonging to my subnet. Machines of the other
> subnet are not listed, even if I can reach them (e.g. \\machine shows
> me shares and printers). The same for machines belonging to the second
> subnet, with the difference that they can only see machines in their
> subnet.
> I checked the firewall, and apparently there are no rules which block
> broadcast traffic between the two subnets.
>
> Any hint is GREATLY appreciated.
>
> TIA
> --Alessandro


Read this (it explains how cross-subnet browsing works):
http://us1.samba.org/samba/docs/man/Samba-HOWTO-Collection/NetworkBrowsing.html#id349811

In fact I recommend you to read the entire chapter about network 
browsing (it explains the roles of LMBs, DMBs, WINS, etc, and how they 
work).



Regards.

Edmundo Valle Neto


[Samba] winbind and force user

2007-08-27 Thread jhall
I have winbind up and running and changed all of my users from the Windows
2003 server to the SAMBA server over the weekend, and no-one noticed.

I have run into a problem with force user, and it may just be my
understanding of how the parameter works.  Following is my configuration
for the share.

[Barbara.Slevin]
comment = Barbaba Slevin's Home Directory
browseable = No
valid users = mo+barbara.slevin,mo+jay.hall
force user = mo+barbara.slevin
create mode = 0770
directory mode = 0770
writeable = Yes

I am logged in as jay.hall.  With the force user statement in the
configuration, I receive a message stating, "The specified network name is
no longer available."  This happens whether the force user name is in
quotes or not.  If I remove the force user statement from the share, I am
able to connect to the share without any problems.

Can I use the force user statement to map to a Windows 2003 user id (e.g.
mo+barbara.slevin)?  In reading the smb.conf documentation, I got the
impression, it must map to a user id on the local system.  If this is not
the case, any suggestions as to what I am doing wrong would be greatly
appreciated.

Thanks,


Jay




Re: [Samba] Add 2003 machine to samba domain: "Application popup: Windows - System Error : A duplicate name exists on the network."

2007-08-27 Thread John H Terpstra
On Monday 27 August 2007 10:35, Adam DiCaprio wrote:
> I am getting a duplicate name error and then
> "This computer was not able to set up a secure session with a domain
> controller in domain MAIL1 due to the following: There are currently no
> logon servers available to service the logon request. This may lead to
> authentication problems. Make sure that this computer is connected to the
> network. If the problem persists, please contact your domain administrator.
> "
>
> I did some searches with no luck. I can authenticate against the domain and
> see shares, but when I am adding a machine to the domain, everything
> appears ok until after the reboot with these messages being logged in the
> event log. This is a win2k3R2 machine connecting to samba 3.0.25b samba
> machine with an openldap backend on RHEL4.
>
> There are no duplicate machine names on the network so it is like the
> machine is being double registered or something. When I query LDAP there is
> only a single record for the machine.
>
> [global]
>   workgroup = MAIL1
>   netbios name = mail1

Your workgroup and server name are the same - in other words - you have a 
duplicate name! Please change one of them.

- John T.

>   os level = 33
>   debug level = 10
>   preferred master = yes
>   enable privileges = yes
>   server string = %h server (Mail 1, Samba Server)
>   wins support =yes
>   dns proxy = no
>   name resolve order = wins bcast hosts
>   log file = /var/log/samba/log.%m
>   log level = 3
>   max log size = 1000
>   syslog only = no
>   syslog = 0
>   panic action = /usr/share/samba/panic-action %d
>   security = user
>   encrypt passwords = true
>   ldap passwd sync = yes
>   passdb backend = ldapsam:ldap://localhost/
>   ldap group suffix = ou=groups
>   ldap user suffix = ou=people
>   ldap machine suffix = ou=machines
>   obey pam restrictions = no
>   passwd program = /usr/bin/passwd %u
>   passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
> *Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
>   domain logons = yes
>   logon path = \\mail1\%U\profile
>   logon home = \\mail1\%U
>   add user script = /usr/sbin/adduser --quiet --disabled-password --gecos
> "" %u
>   add machine script = /usr/sbin/adduser -d /var/lib/nobody -g 100 -s
> /bin/false -M %u

-- 
John H Terpstra
Samba-Team Member
Phone: +1 (650) 580-8668

Author:
The Official Samba-3 HOWTO & Reference Guide, 2 Ed., ISBN: 0131882228
Samba-3 by Example, 2 Ed., ISBN: 0131882221X
Hardening Linux, ISBN: 0072254971
Other books in production.



[Samba] Re: SID

2007-08-27 Thread Dragan Krnic
> What I ended up doing was to use an LDAP browser
> and edit the domain accounts for each machine to
> have the same SID.

we're not using LDAP but we can manipulate the trivial
data base file "secrets.tdb" to set the local SID to
any sensible SID.

Is it OK to set the local SID to the same value as
the domain SID?

In our network the PDC server has the same local SID
as the domain SID. All other member servers register
the same domain SID for the domain and a totally
different local SID for themselves in "secrets.tdb".

This works quite well, except that sometimes there
is an entry in samba logs that a domain-qualified
user SID with correct RID for an existing user with
the same UID=(RID-1000)/2 and same GIDs on all member
servers can't be mapped to his name, e.g.

  [2007/08/21 20:48:26, 0]
smbd/posix_acls.c:create_canon_ace_lists(1421)
create_canon_ace_lists: unable to map SID
S-1-5-21-3574958883-2392404172-2943802112-2590 to uid or gid.

whereby RID=2590 translates to UID=795, a well-known
user in our domain S-1-5-21-3574958883-2392404172-2943802112.

Is it OK to set the local SID to the same value as
the domain SID, as the quoted posting seems to imply?
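
Added example (not part of the post above and not Samba's own code): a Python triage for "unable to map SID" log entries that inverts the UID=(RID-1000)/2 mapping quoted in the post and checks the machine-SID rule John Terpstra states in his reply. The rid base of 1000 as a default, the group formula, and the second log entry are assumptions or constructed values, marked as such in the comments.

```python
import re

# Assumption (not stated on the page): Samba's default "algorithmic rid base"
# of 1000, with user RID = 2*uid + base and group RID = 2*gid + base + 1.
# The user half matches the UID=(RID-1000)/2 formula quoted in the thread.
RID_BASE = 1000

DOMAIN_SID_RE = re.compile(r"S-1-5-21-\d+-\d+-\d+")
UNMAPPED_RE = re.compile(r"unable to map SID (S-[\d-]+\d) to uid or gid")

DOMAIN_SID = "S-1-5-21-3574958883-2392404172-2943802112"  # from the thread

# First entry is the one quoted in the thread (wrapped as posted);
# the second entry is constructed to show a SID from a foreign domain.
SAMPLE_LOG = """\
  [2007/08/21 20:48:26, 0]
smbd/posix_acls.c:create_canon_ace_lists(1421)
create_canon_ace_lists: unable to map SID
S-1-5-21-3574958883-2392404172-2943802112-2590 to uid or gid.
  [2007/08/21 20:48:27, 0] smbd/posix_acls.c:create_canon_ace_lists(1421)
  create_canon_ace_lists: unable to map SID S-1-5-21-1111111111-2222222222-3333333333-3001 to uid or gid.
"""


def split_sid(sid):
    """Split a SID into (domain_sid, rid); rid is None for a bare domain SID."""
    m = DOMAIN_SID_RE.match(sid)
    if not m:
        raise ValueError("not a domain-relative SID: %r" % sid)
    rest = sid[m.end():]
    if rest == "":
        return m.group(0), None
    if not re.fullmatch(r"-\d+", rest):
        raise ValueError("unexpected SID layout: %r" % sid)
    return m.group(0), int(rest[1:])


def rid_to_unix(rid, base=RID_BASE):
    """Invert the algorithmic mapping; None for RIDs below the base."""
    if rid < base:
        return None  # e.g. well-known RIDs, which are not derived from a uid/gid
    offset = rid - base
    return ("gid" if offset % 2 else "uid", offset // 2)


def triage(log_text, domain_sid):
    """Find unmappable SIDs in smbd log text and say what each should map to."""
    findings = []
    flat = " ".join(log_text.split())  # log entries wrap across lines
    for m in UNMAPPED_RE.finditer(flat):
        entry = {"sid": m.group(1), "in_domain": False, "rid": None, "unix": None}
        try:
            sid_domain, rid = split_sid(entry["sid"])
        except ValueError:
            findings.append(entry)
            continue
        entry["in_domain"] = sid_domain == domain_sid
        entry["rid"] = rid
        # The algorithmic mapping only says something about our own domain.
        if entry["in_domain"] and rid is not None:
            entry["unix"] = rid_to_unix(rid)
        findings.append(entry)
    return findings


def machine_sid_ok(role, machine_sid, domain_sid):
    """PDC/BDC carry the domain SID as machine SID; a member server must not."""
    if role in ("pdc", "bdc"):
        return machine_sid == domain_sid
    if role == "member":
        return machine_sid != domain_sid
    raise ValueError("unknown role: %r" % role)


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, DOMAIN_SID):
        if f["unix"]:
            print("%s -> expected %s %d" % (f["sid"], f["unix"][0], f["unix"][1]))
        else:
            print("%s -> not an algorithmic RID of this domain" % f["sid"])
    print("member with domain SID ok?",
          machine_sid_ok("member", DOMAIN_SID, DOMAIN_SID))
```

An entry that resolves to a uid which exists locally, as in the post, points at the mapping path rather than at a missing account; an entry from another domain prefix cannot be resolved by the algorithmic mapping at all.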


[Samba] Lots of "Failed to create" error messages after upgrading to 2.0.25c

2007-08-27 Thread Eric Evans
Hello,

I recently upgraded from Samba 3.0.22 to 3.0.25c on Solaris, and after doing
so I noticed a sudden proliferation of new error messages in the Samba log,
such as:

[2007/08/27 15:36:03, 2] smbd/sesssetup.c:setup_new_vc_session(1200)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2007/08/27 15:36:03, 0] auth/auth_util.c:create_builtin_administrators(792)
  create_builtin_administrators: Failed to create Administrators
[2007/08/27 15:36:03, 2] auth/auth_util.c:create_local_nt_token(914)
  create_local_nt_token: Failed to create BUILTIN\Administrators group!
[2007/08/27 15:36:03, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users
[2007/08/27 15:36:03, 2] auth/auth_util.c:create_local_nt_token(941)
  create_local_nt_token: Failed to create BUILTIN\Users group!
[2007/08/27 15:36:03, 2] smbd/sesssetup.c:setup_new_vc_session(1200)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2007/08/27 15:36:03, 2] smbd/sesssetup.c:setup_new_vc_session(1200)
  setup_new_vc_session: New VC == 0, if NT4.x compatible we would close all
old resources.
[2007/08/27 15:36:03, 0] auth/auth_util.c:create_builtin_administrators(792)
  create_builtin_administrators: Failed to create Administrators
[2007/08/27 15:36:03, 2] auth/auth_util.c:create_local_nt_token(914)
  create_local_nt_token: Failed to create BUILTIN\Administrators group!
[2007/08/27 15:36:03, 0] auth/auth_util.c:create_builtin_users(758)
  create_builtin_users: Failed to create Users

Can anyone tell me what is going on here, and how it can be fixed?

Thanks a lot,
EJ


[Samba] Add 2003 machine to samba domain: "Application popup: Windows - System Error : A duplicate name exists on the network."

2007-08-27 Thread Adam DiCaprio
I am getting a duplicate name error and then
"This computer was not able to set up a secure session with a domain
controller in domain MAIL1 due to the following: There are currently no
logon servers available to service the logon request. This may lead to
authentication problems. Make sure that this computer is connected to the
network. If the problem persists, please contact your domain administrator.
"

I did some searches with no luck. I can authenticate against the domain and
see shares, but when I am adding a machine to the domain, everything appears
ok until after the reboot with these messages being logged in the event log.
This is a win2k3R2 machine connecting to samba 3.0.25b samba machine with an
openldap backend on RHEL4.

There are no duplicate machine names on the network so it is like the
machine is being double registered or something. When I query LDAP there is
only a single record for the machine.

[global]
  workgroup = MAIL1
  netbios name = mail1
  os level = 33
  debug level = 10
  preferred master = yes
  enable privileges = yes
  server string = %h server (Mail 1, Samba Server)
  wins support =yes
  dns proxy = no
  name resolve order = wins bcast hosts
  log file = /var/log/samba/log.%m
  log level = 3
  max log size = 1000
  syslog only = no
  syslog = 0
  panic action = /usr/share/samba/panic-action %d
  security = user
  encrypt passwords = true
  ldap passwd sync = yes
  passdb backend = ldapsam:ldap://localhost/
  ldap group suffix = ou=groups
  ldap user suffix = ou=people
  ldap machine suffix = ou=machines
  obey pam restrictions = no
  passwd program = /usr/bin/passwd %u
  passwd chat = *Enter\snew\sUNIX\spassword:* %n\n
*Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .
  domain logons = yes
  logon path = \\mail1\%U\profile
  logon home = \\mail1\%U
  add user script = /usr/sbin/adduser --quiet --disabled-password --gecos ""
%u
  add machine script = /usr/sbin/adduser -d /var/lib/nobody -g 100 -s
/bin/false -M %u
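
Added example (not from any poster and not Samba's own code): a small smb.conf audit in Python covering two questions raised in this digest, the workgroup/netbios name collision John Terpstra points out for the configuration above, and David Disseldorp's question about placing admin users in [global] versus in each share. It relies on the smb.conf rule that a share-level parameter set in [global] becomes the default for every share; the sample texts are trimmed from the posted configurations, and the [projects] share is constructed.

```python
import re


def parse_smb_conf(text):
    """Minimal smb.conf reader: {section: {parameter: value}}.

    Section and parameter names are lower-cased and whitespace-normalised,
    because smb.conf matches them case-insensitively.
    """
    sections, current, pending = {}, None, ""
    for raw in text.splitlines():
        line = pending + raw.strip()
        pending = ""
        if line.endswith("\\"):          # trailing backslash continues the line
            pending = line[:-1]
            continue
        if not line or line[0] in "#;":  # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            name, value = line.split("=", 1)
            current[" ".join(name.lower().split())] = value.strip()
    return sections


def has_name_collision(conf):
    """True when workgroup and netbios name are the same NetBIOS name."""
    g = conf.get("global", {})
    workgroup, netbios = g.get("workgroup"), g.get("netbios name")
    # NetBIOS names compare case-insensitively, so MAIL1 and mail1 collide.
    return bool(workgroup and netbios and workgroup.upper() == netbios.upper())


def effective_admin_users(conf):
    """Per share: (list of admin users, origin), origin in share/global/unset."""
    default = conf.get("global", {}).get("admin users")
    result = {}
    for name, params in conf.items():
        if name == "global":
            continue
        if "admin users" in params:      # explicit share setting wins
            value, origin = params["admin users"], "share"
        elif default is not None:        # inherited from [global]
            value, origin = default, "global"
        else:
            value, origin = "", "unset"
        # Simplification: names containing spaces are not handled.
        users = [u for u in re.split(r"[,\s]+", value) if u]
        result[name] = (users, origin)
    return result


# Trimmed from the configuration posted in the "admin users" thread;
# [projects] is a constructed share that overrides the global default.
DAVID_CONF = """\
[global]
workgroup = ADDOMAIN
security = ADS
winbind separator = +
admin users = ADDOMAIN+administrator
[homes]
valid users = %S, %D%w%S
read only = false
[scratch]
path = /mnt/scratch
guest ok = true
[projects]
path = /srv/projects
admin users =
"""

# Trimmed from the configuration posted in the duplicate-name thread.
ADAM_CONF = """\
[global]
  workgroup = MAIL1
  netbios name = mail1
  domain logons = yes
"""

if __name__ == "__main__":
    print("name collision:", has_name_collision(parse_smb_conf(ADAM_CONF)))
    for share, (users, origin) in effective_admin_users(
            parse_smb_conf(DAVID_CONF)).items():
        print("[%s] admin users=%s (from %s)" % (share, users or "none", origin))
```

Run against the posted configuration, the global entry reaches [homes] and [scratch] as well, which is the practical difference from listing admin users only under the shares that need it.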


[Samba] Two Samba Domains

2007-08-27 Thread Jason Coo

Hello,

I have 2 Samba PDCs - DomA and DomB. My Windows 2000 machine is a
member of DomA with drive mappings to some shares.

If I try to browse a share on DomB, it prompts me for a username and
password.

It does not like my current username and password that I'm using with
DomA even though I have setup the exact username and password on DomB's
passwd and pdbedit files.


However, if I change the password on DomB to something different to the 
one on DomA, and enter it when it prompts me when trying to browse a 
share on DomB, it works.


Bottom line: For some reason Windows won't use the SAME username and 
password on 2 different domains.


My question: Do I NEED WinBind to work in order to get this cross domain 
access to work?
Are there any ways to be able to login to two different shares on 
different domains using the same username and password WITHOUT using 
WinBind?


Thanks.

Jason.

--
Jason Coo
Computer Engineer, P.Eng.
The Fluid Life Corporation
1-877-962-2400
[EMAIL PROTECTED]




[Samba] Samba with mysql

2007-08-27 Thread Naira Kaieski

Hi,

I would like to have Samba store its users in a MySQL database; is that
possible?

Checking the messages on this list I found something about pdbsql. Does
somebody have a how-to explaining the use of pdbsql or PAM_mysql?


I am using the samba 3.0.24-r3 and mysql 5.0.44

Thanks,

Naira
--
To unsubscribe from this list go to the following URL and read the
instructions:  https://lists.samba.org/mailman/listinfo/samba


Re: [Samba] smbd and pdbedit segfault

2007-08-27 Thread Marc Casillo

I'm using the Debian binary package for Samba which currently is 3.0.24.

The problem causes all manner of samba binaries to crash, the 'pdbedit' -L
or 'pdbedit ktccarthy' is the easiest thing to 'check'. I used the debian
package configure options for an apples to RoundObjectWithAppleTaste(tm)
comparison.

Your suggestion led me to the following test :

1. I pulled the --with options from the debian package file for the
   linux architecture. They are listed below.
2. Since I was unable to apply the patch files to the source code, I
   simply compiled them without it.
   This includes the 3.0.24 tree as well, as I wanted the aforementioned
   apple taste test.
3. Due to #3, I manually moved the passdb.tdb file to the /etc/samba
   directory and ran the pdbedit -L

Results (I did 3.0.25c first, then worked backwards to see where it 'broke')

Version              Result of pdbedit -L on /etc/samba/passdb.tdb

3.0.24               Segfaults
3.0.24seriespatched  Segfaults
3.0.25               Does not segfault!
3.0.25c              Does not segfault!

And just to be sure the apple pie is the same :
diff -s /etc/samba/passdb.tdb /var/lib/samba/passdb.tdb
Files /etc/samba/passdb.tdb and /var/lib/samba/passdb.tdb are identical

I delved into what the new version of pdbedit from version 3.0.25 could
give me, and decided to try exporting the old passwd.tdb to a smbpasswd
format via:
./pdbedit -e smbpasswd:/etc/samba/passdb-smbexport

I then deleted the current /etc/samba/passdc.tdb file and imported via:
./pdbedit -i smbpasswd:/etc/samba/passdb-smbexport

That's when I found the error! An account with uid 1011 and egm-btharrod$
did not exist in the passwd file as such, instead it had uid 1011 as
egm-brendon$

I edited the export file to match the passwd entry, deleted and
re-imported the smbpasswd dump and now, everything works as the 'bad'
account had been cleaned up. The workstation had fits about this, so I
removed it and re-added it

I'm positive the inconsistencies came from deleting and re-creating the
account with webmin-samba module, but doing something that caused the files
to get out of sync. (Incidentally, this was the last thing 'changed' before
the problems occurred, but since samba had never been SIGHUP'd, it never had
the problem until we did a dist-upgrade and rebooted the machine!)

Net result: The 3.0.25 version of pdbedit has a better fault tolerance
and allowed me to export, clean up and import the bad entries, thus allowing
me to continue running the debian package 3.0.24.


Thanks for the help Volker :) That little tip nudged me in the direction 
I needed.


Marc
--


Configure switches :

./configure  --cache-file=./config.cache  --with-fhs  --enable-shared \
--enable-static --disable-pie --prefix=/usr --sysconfdir=/etc \
--libdir=/etc/samba --with-privatedir=/etc/samba \
--with-piddir=/var/run/samba --localstatedir=/var --with-rootsbindir=/sbin \
--with-pammodulesdir=/lib/security --with-pam --with-syslog --with-utmp \
--with-readline --with-pam_smbpass --with-libsmbclient --with-winbind \
--with-shared-modules=idmap_rid,idmap_ad --with-automount --with-ldap \
--with-python=python --with-smbmount --with-cifsmount --with-acl-support \
--with-quotas


Volker Lendecke wrote:

On Sun, Aug 26, 2007 at 09:36:54PM -0800, Marc Casillo wrote:
  
Whenever a particular user is referenced, either in smbd or pdbedit,
a segfault or security context stack overflow is generated.



You did not specify the Samba version. But this rings a bell
that it might have been a problem with 3.0.23. Can you
reproduce this with 3.0.25c?

Volker
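
Added example (not part of the message above and not Samba's own code): a Python cross-check of an smbpasswd-format export, such as the one produced by the pdbedit -e command in the message, against the passwd file, reporting the kind of uid/name disagreement described there. The smbpasswd field layout (name:uid:LM hash:NT hash:[flags]:LCT-time:) is standard; the sample lines are constructed, with placeholder hashes, and only the account names and uid 1011 come from the message.

```python
NO_HASH = "X" * 32  # placeholder hash field, constructed

# Constructed sample data using the account names from the message.
SMBPASSWD_EXPORT = "\n".join([
    "ktccarthy:1005:%s:%s:[U          ]:LCT-46D2F000:" % (NO_HASH, NO_HASH),
    "egm-btharrod$:1011:%s:%s:[W          ]:LCT-46D2F000:" % (NO_HASH, NO_HASH),
])
PASSWD = "\n".join([
    "root:x:0:0:root:/root:/bin/bash",
    "ktccarthy:x:1005:100::/home/ktccarthy:/bin/false",
    "egm-brendon$:x:1011:100::/var/lib/nobody:/bin/false",
])


def parse_passwd(text):
    """Return ({name: uid}, {uid: first name seen}) from passwd-format text."""
    by_name, by_uid = {}, {}
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 3 or not fields[2].isdigit():
            continue
        uid = int(fields[2])
        by_name[fields[0]] = uid
        by_uid.setdefault(uid, fields[0])
    return by_name, by_uid


def parse_smbpasswd(text):
    """Return a list of {name, uid, machine} dicts from smbpasswd-format text."""
    entries = []
    for line in text.splitlines():
        fields = line.split(":")
        if line.startswith("#") or len(fields) < 5 or not fields[1].isdigit():
            continue
        entries.append({
            "name": fields[0],
            "uid": int(fields[1]),
            "machine": "W" in fields[4],  # [W ...] marks a workstation trust account
        })
    return entries


def find_mismatches(smbpasswd_text, passwd_text):
    """List (name, uid, problem, detail) for entries that disagree with passwd.

    problem is one of:
      uid-taken    the uid exists in passwd under another name (the case in
                   the message: uid 1011 is egm-brendon$, not egm-btharrod$)
      uid-differs  the name exists in passwd with a different uid
      missing      neither the name nor the uid exists in passwd
    """
    by_name, by_uid = parse_passwd(passwd_text)
    problems = []
    for entry in parse_smbpasswd(smbpasswd_text):
        name, uid = entry["name"], entry["uid"]
        if by_name.get(name) == uid:
            continue  # consistent
        if uid in by_uid:
            problems.append((name, uid, "uid-taken", by_uid[uid]))
        elif name in by_name:
            problems.append((name, uid, "uid-differs", str(by_name[name])))
        else:
            problems.append((name, uid, "missing", None))
    return problems


if __name__ == "__main__":
    for name, uid, problem, detail in find_mismatches(SMBPASSWD_EXPORT, PASSWD):
        print("%-16s uid=%-6d %s %s" % (name, uid, problem, detail or ""))
```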
  



[Samba] Subnet not visible in Network Neighbourhood

2007-08-27 Thread Alessandro FAGLIA

Hi list!

I've got a debian "etch" box running samba 3.0.24.
The server is a firewall (running Shorewall 3.2.6) with five NICs:
eth0 -> DSL (it has a public IP address and it allows all the people 
browse by masquerading other interfaces)

eth1 and eth3 -> bond0 (IP address is 192.168.1.1/24)
eth2 and eth4 -> bond1 (IP address is 192.168.2.1/24)
BTW, bond+ refers to an interface which enslaves two physical NICs.

Samba is acting as WINS server, and I don't have other Windows Servers
which act as PDCs or WINS servers.

There is no PDC in the network.

The smb.conf is the following (only [global] section is reported):

[global]
workgroup = WORK
server string = server Etch
interfaces = 192.168.1.0/24, 192.168.2.0/24, 10.1.0.0/24, 
127.0.0.1/8

bind interfaces only = Yes
obey pam restrictions = Yes
passdb backend = tdbsam
passwd program = /usr/bin/passwd %u
passwd chat = *Enter\snew\sUNIX\spassword:* %n\n 
*Retype\snew\sUNIX\spassword:* %n\n *password\supdated\ssuccessfully* .

syslog = 0
log file = /var/log/samba/log.%m
max log size = 1000
dns proxy = No
wins support = Yes
ldap ssl = no
panic action = /usr/share/samba/panic-action %d
invalid users = root
hosts allow = 192.168.1., 192.168.2., 10.1., 127.

10.1.0.0/24 is a subnet for OpenVPN roadwarriors.

The problem is that from my laptop (belonging to 192.168.1.0/24 subnet),
running Windows XP Pro SP2, in the Network Neighbourhood I can only see
machines belonging to my subnet. Machines of the other subnet are not
listed, even if I can reach them (e.g. \\machine shows me shares and
printers). The same for machines belonging to the second subnet, with
the difference that they can only see machines in their subnet.
I checked the firewall, and apparently there are no rules which block 
broadcast traffic between the two subnets.


Any hint is GREATLY appreciated.

TIA
--Alessandro


Re: [Samba] smbd and pdbedit segfault

2007-08-27 Thread Volker Lendecke
On Sun, Aug 26, 2007 at 09:36:54PM -0800, Marc Casillo wrote:
> Whenever a particular user is referenced, either in smbd or pdbedit,
> a segfault or security context stack overflow is generated.

You did not specify the Samba version. But this rings a bell
that it might have been a problem with 3.0.23. Can you
reproduce this with 3.0.25c?

Volker

